r 



Europaisches Patentamt 
European Patent Office 
Office europeen des brevets 



A PPl.No. 10/020,498 I 
D °c. Ref. AA1 



© Publication number: 0 101 772 

A1 



© EUROPEAN PATENT APPLICATION 

©Application number: 82304605.7 ©Int.CL 3 : G 07 C 9/00 

© Date of filing: 01.09.82 



© Date of publication of application: 
07.03.84 Bulletin 84/10 

© Designated Contracting States: 
DE FR GB IT 



© Applicant: Lemebon, Jerome Hal 
85 Rector Street 

Metuchen New Jersey, 08840(US) 

© Inventor: Lemelson, Jerome Hal 
85 Rector Street 

Metuchen New Jersey, 08840(US) 

© Representative: Smith, Norman Ian et al, 

F.J. CLEVELAND & COMPANY 40-43 Chancery Lane 
London WC2A1JCt(GB) 



© Computer security systems. 

© A system and method are provided for enabling and 
recording operations relating to computers and computer 
peripheral equipment wherein sensitive or secret data is to 
be entered and stored or processed and data of a similar 
nature is accessible from a memory or calculating circuits. In 
particular, the invention involves electronic means 16 for 
sensing or scanning one or more physical characteristics of a 
person or persons about to enter and/or receive data from a 
computer 50 and generating signals indicative of such 
physical characteristic(s) which signals are automatically 
analyzed and compared with signals stored in a memory 19 
to generate enabling signals for enabling the operation of the 
computer. In addition, a code signal or signals are generated 
which is used to identify the person entering and receiving 
data from the computer 50, which code signal is recorded for 
record purposes along with information indicative of the 
information entered and/or received from the computer. 
Such information may be provided on-line at a monitor 
station remote from a data entry and retrieval station or 
readily available from memory for routine analysis during 
auditing or investigation of error or fraud. In a particular form 
of the invention, both the presence of a person at a computer 
terminal and an identifying characteristic of such person are 
sensed and used to enable the entry and retrieval of data. 
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DESCRIPTION 



This invention relates to a system and method for 
improving the operation of computers and computing systems, par- 
ticularly with respect to the security and confidentiality of 
information contained and entered therein, 

A number of major problems exist in' the operation -of 
computers and computing systems. One of such problems involves 
the unauthorized attainment of data from the computer/or com- 

■ . « 

puting system, ^Another problem is involved with the entry of 
data into a computer or memory associated with a computing 
system, which data is either incorrect due to an operators 
error or is false as a result of an attempt to commit -fraud and 
falsify records* 

The instant invention is concerned with a computer 
system in which fraud is substantially reduced or," if permitted 
may be easily detected as to its source/ The system also pro- 
' vides for means for assuring that confidential data stored 
therein is available only to persons authorized to view or 
receive same* 
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A primary feature of the instant invention involves 
the identification of all oersons who enter data into a com- 

4 

puter and preferably, although not necessarily, all persons 'who 
receive data from the computer or, in a specialized form, all 
persons who receive confidential data from the computer. .Such 
identification may be effected in a number of manners including 
the automatic electronic recognition of a particular feature of 
the person about to enter or receive data with respect to the 
computer or computer memory. Such recognition may be -effected 
by the electronic analysis of a person's voice signals generated 
when the person speaks into a microphone, the automatic electro- 
optical scanning of a person* s fingerprint presented by the 

person to a scanning location, the automatic electro-optical or 

9 

otherwise effected scanning of the dimensions of a person's hand 
including the fingers thereof, the electro-optical scanning of-' 
a' person's face from one or more directions or the scanning of 
eny other body feature of the person wherein the analog signals 
derived from said scanning are digitized and are compared .with 
signals derived from a memory which were originally recorded in 
"such memory from signals .derived in similar scans of the same 
person. Such identification results in the generation "of a code 
signal, preferably from the computer memory, which is recorded 
in -a temporary storage device such as on a magnetic disc or in 
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an electronic memory, and the reproduction of such code signals 
from . such storage device each time an entry is made "by .the 
operator into the computer or data is received from the computer 
or together with the information so recorded and/or a code 
signal or signals representative of the memory derived from the 
cxnaputer. The enabling signal or control which permits data to 
be received or entered may be periodically updated or refreshed 
in accordance with periodic checks of. the identification of the 
person entering the data which may be randomly or periodically ' 
indicated by a warning device requiring same or a sensing device 
which senses when such'person leaves the vicinity of the terminal 
at which data is entered or requested. 

In another form of the invention, data may be entered 
or requested by. person speaking words into a microphone at 
the computer terminal or remote "therefrom and connected to the 
computer terminal by short wave or telephone lines, wherein the 
voice signals of the person entering or requesting' the, data are 
automatically analyzed by the computer for identifying such • 
person and generating an enabling signal as well as the identi- 
fication code signal which is recorded along with signals 
indicative of the information derived from and/or entered into 
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the computer. Such automatic analysis may occur as the person 
speaks words indicative of information requested or to be 
answered, • 

In a particular form of the invention, two or more of 
the aforedescribed personal identification techniques may he 
•employed and required for the entry or attainment of data or 
of specific data in the computer. 

Accordingly, it is a primary object of this invention 
to provide a new end improved system and method for operating a 
computer or computing system. 

Another object is to provide a^system and method for 
operating a computer or computing system wherein identification 
of persons having access thereto and entering or receiving data 
with respect to the computer or its memory, is ascertained. 

Another object is to provide a computer or computing 
system in which persons entering data into the system are 
identified and all transactions, including data entered and., 
received, are identified and recorded as to the identification 
of the person partaking in such transactions. 

Another object is to provide a computing system in 
which fraud in the entry of data is greatly reduced. 

Another object is to. provide a computer system in Which 
confidential data stored in or retrieved from a computer, is 
not available to any but authorized persons.- 

BAD ORIGINAL 
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Another object is to provide a; computer systeit. in 
which, data is both- entered and retrieved from the computer or 
its memory by the' automatic analysis of speech signals gener- 
ated by a person speaking into a microphone which analysis 
results in identification of such person and the generation of 
a code which is applied as a recording to indie at the inf orma- 
tion derived from and entered into the computer, for record 
keeping purposes. 

Another object is to provide a computer security system 
in which the presence of a person is sensed at a terminal and the 
person is identified by sensing a physical characteristic of such 
person or. by the person entering a code into the computer or 
auxiliary equipment wherein, if such person should leave the 
vicinity of the terminal, another person will not be able to 
operate the computer without further identification of such other 
person. 

Another object is to provide a computer security system 
in which a record is made of the identity of all persons operating 

the computer and the information entered and received fron zhe 

• • • 

computer, whereby the source of data entered into the computer 
and retrieved therefrom may be identified for auditing purposes 

j and control. 
I 
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Another object is to provide a computer security system 
in which signals are recorded which positively identify persons 
who operate a computer or peripheral together with an indication 
of time of operation of the computer and information transferred. 

With the above and such other objects in view as may 

hereinafter more fully appear, the invention consists of the- 

novel constructions, combinations and arrangements of parts and 

method as will be more fully described and illustrated in the 

accompanying drawings, but it is to be understood that changes, 

: variations and modifications may be resorted to which fall within 
i * 
the scope of the invention as claimed. 

In the drawings: 

FIG. 1 is a schematic diagram showing features of the 
j broad computer" security and control system defining the instant 

invention; and 

FIG. 2 is a more detailed schematic diagram of the 
computer security system defining the instant invention. 

Tn FIG. 1 is shorn broad aspects of a data terminal 11A 
•forming part of a data processing system 10 which includes a . 
• computer 50' and . one or more of such terminals which may time- 
share the computer 50 through interface 49 such as a time sharing 
multiplexing system. 2h.e terminal 11A includes a coded keyboard 
12 having an output 12A- extending to a control gate or switch 14y 
which itself contains an output 14A extending to the interface 
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'or multiplexing device 49. The latter interface 49 contains one 
or more outputs 49A extending to the input or inputs of the com- 
puter 50 while the computer 50 contains one or more outputs 493 
extending to the interface 49 which itself contains a plurality 
of outputs one of which 14B; extends to the gate .14 and an outrxt 
14.C from*, such gate extends to the input 13A of a memory or 
"buffer 13B for an image writing display 13 which may comprise 
a conventional display cathode ray tube. Unless gate 14, which 
may contain one or more switches for enabling information to he 
transmitted from the coded keyboard 12 to the interface 49 and 

a computer 50 and .from the computer 50 to the memory or buffer 

. is closed ' , 

13B for the cathode ray tube 13 /such functions relating to the 

computer 50 as data input thereto, data retreived therefrom and 
programming of the computer may not be performed. 

In order to enable the operation of the computer 50 # f rem' 
the terminal 11 A, an operator sitting at the coded keyboard 12 
must properly activate one or more sensors,' at least one of which 
is a sensor of a physical characteristic of the operator such 
as a microphone or other device. In PIG. 1, a -microphone *.5A is 
provided at the terminal, preferably although not necessarily, 
attached :to the frame supporting the coded keyboard 12 and the 
cathode ray tube display 13 and at a location such that a person 
sitting at such keyboard may speak selected words into the micro- 
phone so that analog audio signals will be generated on the 
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i 
i 

output thereof which, extends to a computer or speech recog- 
nition processor 16 of conventional design. . 

The speech recognition processor computer 16 is operable 
to process or digitize the analog speech signals generated on the 
output of the microphone 15A and automatically, analyze same by . 
comparing the results with signals generated from a memory in the 
processor. Wh.en the signals so analyzed match or otherwise com- 
pare with signals reproduced from the memory of the processor, 
which memory contains recordings or speech information from one 
or more persons authorized to operate the computer 50, a first 
signal is generated on one of a plurality of outputs 16A of the 
processor 16 and is applied to a particular circuit of a multiple 
input storage device 19 containing codes associated, with differ- 
ent persons authorized to use the computer 50. -Depending upon 
which of the outputs 16A of the processor. 16 is activated, one j 
of the codes stored in the storage device 19 is generated on its 
output 19A and is passed to the input 143) of the gate 14. Y/hen 
gate 14 is properly operated and closed, such code is passed to - 

the computer 50 through the interface 49 and is recorded in the \ 

i 

. -memory of the computer together with an indication of the time 
and date of such recording, as generated by either an internal 

i 

\ clock associated with the computer circuits or an external clock 
■ connected 'to the computer. An indication of the information 
transmitted to the computer 50 from the coded keyboard . 1 2 and 
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received from the computer end displayed on the display screen of 
a cathode ray tube 13, is recorded in a special section of the 
memory of the computer 50 or an auxiliary memory located within or 
external 'of the computer so that an identification of the person 
operating Ihecoraputer, the information such person enters into 
the computer and the. ' information received from 'the computer as 
well as the date and time of day such information is generated or 
received, is had for -future reference. 

Gate 14, which is normally open and thereby prevents the 
transmission of information to or from the^ccmputer with respect 
to the terminal 11A, win close to pass information in "both 
directions when the speech recognition processor-computer 16 
recognizes the speecn signals received as those generated "by a 
person authorized to "use the computer and generates, in addition 
to a-signal on- one of the outputs 16A for generating the describe jl 
code identifying the person, a control signal on another output 
16B which activates a "bi-stable switch or relay 16C, the output _ 
of which energizes one input of a logical A2?2 circuit 17 which is 
maintained energized either for the duration of the time the 
" computer is used by the person at the terminal or until a sensor 

♦ 

at the terminal senses the movement of such person away from the 
terminal. Such sensor, denoted 1 5S in FIG. 1, may comprise a 

limit switch supported within the seat or cushion of the terminal, 

t.' 

the output 15SA of which extends to the other input of the A!TO 
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circuit 17, thereby generating an output signal on the output 17A 
of the AND circuit 17, which output extends to the svdtching. 
input HE of the gate 14. When so energized, gate 14 closes • 
thereby allowing information thereafter to he passed from the : 
coded keyboard 12 to the computer and also allowing the code j 
generated on the output of the code generator 19, which is temp- 
orarily delayed in a delay element or relay 19D, to be passed to j 
the computer. Also, when gate 14 is closed as described, infor- j 

1 

mation generated .by the computer from its memory. or from calcu- I 

i 

lations performed thereby, may pass through such gate to the in- • 
put 13A of the buffer 13B for the cathode ray tube display 13 and j 
to be thereby generated as a still image of lines of alpha-numer- j 
ic characters or other information generated by the computer 50. '' 
Should the' person sitting at the terminal 11A leave the 

1 

vicinity of the terminal, the presence sensor 15S becomes deactivj 
ated causing the output of the AND circuit 17 to be terminated, 

and a control- such as a logical NOT circuit or other contacts 

of the presence sensor switch' to become closed or activated so 

"as to signal .the microprocessor or computer 16 or directly • 
an input 14P of the switch 

. control/ the switch or gate 14 to open/so that, should another 

person try to operate the terminal, such -.operation will not 

be possible .until such other person is identified and properly 

positioned at the terminal as described. 
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Identification of the person seeking to use the comput- 
er 50 may "be effected in a number of manners as described and 
also be such person selectively operating switches of the key- 
board 12 to generate a selected code or codes known only to 
such person .or a limited number of persons, which code or codes 
may be directly applied to close gate 14 or may be utilized to 
aoperate.an auxilliary control means such as a coded relay or 
circuit for generating a signal on an input to the AND circuit 
17 or other logical circuit receiving a signal, for example,' 
. from a presence sensor such as sensor 15S. If the gate 14 is 
a bistable switch, it may be automatically caused to open when 
it receives a signal generated, for example, when the person 
operating the terminal, leaves the terminal as sensed by sensor 
15S. ^ ' 

Memory 19 may also comprise an EPROM (erasible pro gr am- 
mable read only memory) forming part of the speech signal recog- 
nition computer 16 and operable to generate a code identifying 
the person whose speech signals are recognized by such computer 
which code signal may be passed therefrom either directly to 
the computer 50 for recording therein along with signals indica- 
' tive of the information entered into the computer 50 by the 
selecteive operation of the keyboard or other means and of any 
information derived from the computer 50 or such identifying 
code may be stored in an auxilliary memory such as another 
EPROM to be read therefrom whenever the keyboard 12 is operated 

< 

thereafter aha/or whenever queried hy signals from the computer 
t* 

which may he programmed to identify sensitive information. 
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FIG-'. 2 shows greater details of a system 10A vjhich is a 
• modified form of system 10 of PIG. 1 and is operable for assur- 
ing computer operating security. Y/hereas in ?IG. 1 a number of 
subsystems and discreet components are employed to enable the ' 
transmission. of information to a computer and the reception and 
display of information generated "by the computer, in ITG. 2 a 
microprocessor or microcomputer 20 is employed, which is pro- ; 

i 

! 

grammed to control the transmission of data to and from, a 

plurality of data storage and • analyzing devices, the combination ■ 

of which are operable to assure computer data security, by : 

» 

| identifying the person attempting to operate the terminal and 

i - " I 

\ input data into a local or remote computer which may he. time 

■ I 
shared with other terminals and receive data from such remote ! 

- . ~* • 

computer. Means -are also provided for generating a code assoc- 
iated with the person so identified and recording such code either 

locally in a memory or within the memory of the computer along j 

1 

with information identifying the. data transmitted to the corn- 
is " ; 
- puter and received from the computer so that if it/necessary; to 

indicate Y/ho of the -persons authorized to operate the terainaT. 
entered specific data in the computer memory and received spec- 
ific data therefrom, such function may be performed at one or 
more terminals of the 'system or at a central terminal or monitor 
station which may be located near the computer. 

r r 
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The computer 50. may comprise a data processing computer, 
image or document information storage and retrieval computer, 
scientific information storage and retrieval computer or any- 
type of computer which is operable to receive and/or disseminate 
information of a sensitive nature. One or more input end output 
lines 50A and 50B extend to the computer for the- transmission 
of data thereto from one or more terminals and the reception of 
data stored in the memory of the computer or generated by its 
computing circuits, A monitor station 50M is provided having a 

television display, such as a cathode ray tube 50D which is 
driven and' the display thereof maintained by a buffer 50C which 
includes a decoder-driver and refresh memory. A manually oper- 
able keyboard 5 OK is also provided at the monitor station for 
two-way communication with the computer and, although not illus- 
trated, control- means of the type which will be described to 
assure computer security at the terminals which communicate with 
the computer 50, may also be provided at the monitor station 50M. 

An alarm 50E located at.the monitor station 50M, which ' 
may be part of or attached to the video display 50D or keyboard 
,50K, is operable to alert a person at the monitor station of 
certain conditions which may exist at one or more of the termin- 
als which are operable to communicate with the computer- 50, enter 
data therein and. receive data therefrom. Such a remote condition 

1 1 



0 



ft 
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as an aborted -attempt to communicate with, the computer, a number 
of such attempts, the presence of a person at any of the terminal^ 
or the removal of such persons from a terminal, may be initially J 
indicated by operation of. the alarm 50E when its driver 50F 'is j 

activated by a signal from the computer 50 and further details 

• . j 
thereof may be derived by information transmitted from the com- 

■ 

puter 50 to the display 50 D* • 

Prom multiple terminal operation, an input-output inter- 
face 49, as described, connects the circuits 50A and 50B to 

computer 50 directly with an output HP of control microprocessor 

-49A 

or computer 20 and an output ^hereof to a transmission gate 140 
the- output of which extends to microprocessor -20'. Microprocessor 
20 is clocked- by signals from an oscillator 22 having an attend- 
ant, feedback circuit 22E for stability. 

The microprocessor 20 receives signals from a plurality 
of inputs including: 

[a] a manual keyboard 12 with which the operator of the 
j terminal may enter data into the computer 20 and by means: of 

( which the operator may receive data therefrom, such as data 
stored in* the memory of the computer, an auxiliary memory con- 

j . trolled by the computer or data defining the results of computa- 

I tions performed "by the computer. 

" To verify that the person sitting at the terminal is 
authorized to enter data into the computer and to receive data ! 
from the computer and permit such entry and retrieval and, further, 
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to record such "transactions and operations including the identifi- 
cation of the person at the computer terminal v/ho is cognrunicat- 
ing with the computer and the date of such communications, the 
following input and output devices are employed per se or in 
combination: 

[b] & microphone 23 is disposed convenient to the oper- 
ator of the keyboard 12, such as integral- therewith or adjacent 
thereto. To identify the operator, selected words are spoken by 
the operator into the microphone 23 and are amplified by an 
amplifier 23A, the output of which extends to an automatic voice- 
print analyzing circuit 24 and a speech recognition computer "27, 
both of which have respective variable input devices such as 
pluggable memories 25 and 28 which are preferably locked and 
secureiin a housing, such as the terminal housing, and cay be • 
changed with the changing of personnel who are authorized to . 
use the computer at the terminal 11A. An interface 26 receives 
the signal output of the analyzing circuit 24- and a second inter- 
face 29 receives the signals output from the speech- processor 27, 
inputing such signals to the microprocessor 20 on respective cir- 
cuits, for use thereby in comparing such outputs with signals 
derived from the voice-print memory 25 and the speech pattern 
memory 28. The computer and microprocessor 20 automatically 
determine: if the person at the terminal, who is speaking the 
selected words into the microphone, is actually a person author- 
ized to use the computer 50 from the analysis which includes 

!* BAH rfShlfcJNAL 
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signals transmitted by the microprocessor to a code, comparator 
30. Upon positive identification of such person at the*, terminal 
by .the analysis of .the signals ' output by .the microprocessor 20, 
a switching signal is generated end transmitted" from' the micro- 
processor to the transmission gate HG which is controlled 
thereby to close and thereby permit the transmission* of signals \ 

• • • • • ■ : • . . j 

output by the interface from the computer 50 to 'the microprocessor, j 

when received, which signals may be used to activate respective i 

drives 31, 33,. 35 and. 37. for a plurality .of circuits. Drive 31 

is operable for controlling display functions ot a video display 

.13, which may be. a cathode ray tube of the type- described, adja- 

. ••••*'..' 
cent or attached*. 'to a keyboard 12. Drives 33 m& 35 are onerable 

to respectively drive a hard copy printer 34 and a facsimile 
signal transmitter 36. Drive 37 receives control signals for a 
•synthetic speech signal generator 38 from the microprocessor. 20 
which generator generates speech signals. of words defining infor- 
mation received from the computer" 50, which signals are con- 1 
. verted from digital form as received, to "analog form in a digitalj- 

• to-analog converter 38D, the output of which is connected to a 
. . speaker 39 for. generating sounds .of words indicating the data 

• generated for the person at the terminal 11A to hear. A control 

t* 

t 

BAD ORIGINAL A 
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38C, "preferably forming part of the keyboard 12, may "be employed 
by the operator of the terminal to effect •repeated- reproduction of 

• . . • 

signals generated by the signal generator 38 and the regeneration 
of the same words on the output of the speaker 39 in the. event • 
that "tiie operator requires such repeat to intelligibly determine 
the nature of the - information so gene-rated. . In addition to gen- 
erating sounds of words defining information requested by the 
.operator of the keyboard 12, instructions- and commands generated 
by the central computer 50 associated with the operation of the 
keyboard 12 and other variables, may also be transmitted to pre- 
determinately operate the speech signal generator '38 and generate 

specific words on the output of the speaker Tor facilitating 
system operations. 

A television' camera 40, under control of signals .gener- 
ated on respective, outputs of the microprocessor 20/ is also 
employed to scan .the face pf the operator of the terminal " 1A 
and/or to scan document information to be processed and entered 
into the memory of. the computer 50 as one or more full-frame 
video signals generated on the output 40A of the .camera. Such 
analog video' signals, are converted to digital form in 'an analog- 
to-digital converter 41 and passed to the. microprocessor 20 for 
storage in its video image memory 46 and/or for transmission to 
the .computer .50'- on an output extending to the interface 49A, ~o 



- 19 - 
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"be" entered in "the memory of the computer for identifying the ' 
operator of the terminal in an on-line manner for use in ' 
activating the display 50 a> to permit an operator of the monitor 
station 50M to view and identify an image of 'the- face of the 
person at the terminal. Such video image signal or signals gen- j 
erated on the .output of the camera 40 may he .stored in the memory j 
of the computer 50 together with signals or codes which are 
indicative of the time of day and the information transmitted to j 

• '. 

and received from the computer "by means which will he described, 

•V. To maintain images on the image screen of ' the cathode ray \ 

tube of the video display 13 of the terminal 11 A, a huff er memory { 

' 47, such as a magnetic disc or high density storage EPHOM has in- 

■-f • ! 

put and output lines .extending to and from the microprocessor 20. S 

.* . - i 

-Display generating video signals derived from the computer 50, j 

the video camera 40, the microprocessor 20 "or -generated by the 
selective operation of the keyboard 12, are input* *to the buff er 
memory 47 and temporarily stored therein for cyclically refresh- I 
ing the display screen of the video terminal display 13'. A • 
'character generating memory 32 receives signals from the micro- 
processor 20 through a decoder, driver 31 as originally generated 
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"by. the computer 50 or the selected operation of the keyboard 12 
end provided by <a key code memory 62 connected to 'the micro- 
processor 20, Such, memory 62 may also he integral- with the 
encoded keyboard "12 andmay.be utilized to generate a code or 
codes in accordance with, signals received from the microprocessor 

• • # • • . — 

20" and- generated "by means other than the encoded' keyboard 12.'* 
... • ' • • ' • 

'. Control of the write-beam of the cathode ray tube of.the '• 

•display 13 is effected, when needed, by signals generated as 

• • • . 

reproduced from, part -of the buff er-s tor age memory 47 which also' ■• 
generates deflection control digital signals for controlling 
. operation of the scanning movement of the read-"beam of the tele- 
vision camera .42-, which signals are transmitted through the 
* — • 

microprocessor to respective digital-to-analog converters £ 4 and 
45 -which are respectively connected to the horizontal end vertical 
sweet) controls 42 and 43 of the camera 20. ■ 

< • 

Additional means as described are employed to identify the 
person art the terminal VIA who is seeking to operate the computer 
50« Such additional means may be optionally provided in accordance 
. with the degree and nature of. the security required of the system 
i and include a normally open limit svdtch 51 v/hich may be closed 
by the 'weight of a person 'sit ting'lat the computer terminal or. 
standing on a pad adjacent the display 13, The output* of linfct 
„ switch 51 is connected to a debounce circuit 52 "to the* micro- 
processor 20 and receives electrical energy, converted* to a . 
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suitable voltage by conventional means,' from a source of line 

current or power supply . employed to provide such' electrical 

,- 

.energy for energizing the other components and • subsystems illus- 
trated. . ' • 

An ultrasonic ally operated sensor 53 for sensing the 
presence of a person at the terminal 11A generates .an output 
signal upon effecting such, sensing,, which signal is transmitted 

through -an interface 54 to the microprocessor 20. ■* 

. • A second ultrasonic sensor 55 may be utilized to sense " 
changes in the environment of the terminal 11A, such as the •• ■ .*• 
presence of one -or more additional persons thereat Vho' may be 
able .to receive and discriminate information generated by the 
video display -t3, the printer 34, the facsimile - machine 36 or 
the speech signal generator 38. The output of . sensor '55 is ' 
transmitted to the microprocessor 20 through an interface. 56 and 
may be utilized to open the transmission gate 14G, activate the 
/alarm 50E or; a separate alarm at the terminal 11 A, effect the 
generation of speech signals on the output of a - speech' signal 
^generator 38 .which are indicative of such condition .and warn 
the persons at "the temiinal that the computer may not be operated 
until the additional person or persons leave the vicinity of 
the terminal or effect their identification. 
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I • Still further identification of a person or persons at 

l • 

the terminal 11A may be effected by means of a fingerprint reader 
j . 5.7- of conventional design which includes electro-optical means' 
j '• for scanning the fingerprint of a person or persons presented to 
• a scanning, location and generating digital signals, indicative of 

the fingerprint at an interface 58 which is connected to' the 
' microprocessor' 20. A fingerprint signal containing memory 59 is 

•also connected to the microprocessor 20 and when queried by a 

• • • * 

•.signal -therefrom, transmits signals reproduced from' its memory to 
the microprocessor, which signals are compared in a conroarison 

. circuit of the code comparator 30 or a fingerprint signal recog- 
nition processor forming part of the memory of the microprocessor 

• . 

20 or connected thereto. * - . . 

It is noted that -one or more of the described personal 
identification and indicating means connected to the micropro- 
cessor 20, may he utilized in a particular computer security 
system depending upon the , particular requirements for security. 

A combination of the personal presence sensor or limit* switch 51 
. and any of -the described voice print analyzing, speech recog- - 
' hition, ultrasonic operator and environmental sensors, fingerpr'injt 

scanner or any other sensing or scanning device which is operable 
j -to generate identification signals upon sensing a physical char- 
acteristic of the person at the terminal, may be utilized to gen- 
<; erate information signals to be input to the microprocessor 20 ' 
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and" analyzed "by circuits thereof or the circuits of one of more 
peripheral devices to .permit the microprocessor to control the 
transmission gate, the display, printer' and facsimile transmitt- 
..er.»-of information ,V';the speech signal generator to generate 
•speech indications of all or part of the information received 

• from the computer 50 or local information generating devices. 

Notation 60 refers to an operational program memory having 

input and output • circuits connected to the microprocessor 20 

for controlling its operation. An additional memory' 61 is also ' 

provided for generating code signals.,/.' such as codes identifying 

different persons authorized to operate the computer 50 from jihe 
•" • i 

• terminal 11A, and may he queried hy signals from the micropro- 

• cessor 20 to generate a code identifying such person, whenever 
required, which code may be recorded in a memory "of the micro-** 
•processor, transmitted "to a separate local memory or to the / 
■central computer 50 to Re recorded in its memory adjacent . signals 
which indicate the information transmitted to the computer by 

I such operator and transmitted from the computer to the- terminal 
L 11 A- for activating the display 13, the printer 3'4, the facsimile 

: machine 36 and/or the speech signal generator 38 as described,. 

I * • 

i ,A clock signal generator 66 is also provided connected to the • 

| microprocessor, which generates time code signals which may be 

gated -through the microprocessor to the central computer 50 

, " \ 

together: with the code, signals derived from memory 61 and ind^ca- 
tive- of the identification of the operator of the: terminal "!A 
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so that both personal identification and time code signals are 
available for recording in a computer memory together with codes 
indicative of the information transmitted to and received from 
the computer by the terminal 11A. Such information may be derive^ 
from the memory of the computer 50 and displayed., on the display 
50D thereof or utilized to operate a hard copy printer 60P at the 
monitor station 50M to make it readily available to a person or ' 
persona monitoring the information entered into the computer and 
derived therefrom by- any of a plurality of monitor stations and 
. to determine at any time what information has been entered into 
! the computer 5Q .and received therefrom, the time of such entry on 
. reception and" the person entering or receiving the information. 

• Signals generated by the microprocessor 20 and transmitted to the 
computer 50, jnay also be indicative of the operation of the 

, printer 34, the facsimile machine 36 and the speech" signal gen- 
•' erator 38, which systems may be selectively controlled in their 

• operation by the selective operation of the keyboard 12. The 
•coded keys of the keyboard 12 which are operated to selectively 

transmit information from the computer to the printer 34, the 
facsimile machine 36 and the speech signal generator 38 may also 
be operable'.to provide control signals for controlling the micro- 
processor 20 to transmit code signals to the computer 50 whicn 
are indicative of the. operation of such peripheral devices* and 
which may be recorded in the -memory of the computer together with 
the code signals identifying the person operating the terminal. 
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Also provided at the terminal 1U and connected to receive 
speech signals generated by the microphone 23 when » a switch 
23S is manually closed, is a speech signal synthesizing and 
recognition circuit 63 which is operable to identify specific 
words spoken into the microphone, such as verbal commands for 
predeterminately generating data to be entered into the computer 
50 and controlling the operation of such computer from, the 

terminal 11A as described. In other words,- the speech analyzing 

' circuits of the speech analyzing, computer 63 may be used as an 

■ **•« .• 'i 

auxilliary means for entering data defined by words defining numbers 
and other speech spoken into the microphone 23 and- for receiving 
selected information from the computer with or without the 
selective operation of the keys of the keyboard 12. - 

The' terminal video display or cathode ray tube receiver 
13 may he operated by signals from the decoder driver" 31 which 
receives video signals- from the character generator 32 'which is 
activated by signals from the microprocessor 20 and by video 
signals derived by converting the video digital signals received 
from the buff er -storage memory 47 and gated to-a digital-tc-enalog 
converter 64 which is connected to a- : video deflection. 
■| and intensity control circuits associated with the 13. 
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The speech "signal analyzing computer 63 and- the speech 
recognition processor' 27 may be made in accordance with speech • 
recognition devices and systems produced by such companies as ! 
Threshold Technology'. -Inc.* of :.Belran,:Jfew Jersey; .Dialog Systems 
Inc. of Belmont, Massachusetts;- Scott Instruments. Denton, Texas 
or-others, it being- noted that the electronic subsystems denoted ! 
24,25,27 and 28 may form a single speech synthesizing and anal- 
ysis computer obtainable from one' of such companies. The speech 

4 

signal generator computer 38 may be derivable from or obtain .com- 
ponents manufactured by such companies' as Texas -"Instruments Corp- 
oration, Dallas, Texas using their TNC 0820 or other speech syn- 
thesizing circuits or speech synthesizers and speech generating 

i 

computers manufactured by such companies as .Telesensory Systems 
Inc of Palo Alto, California; Votrax Division, Federal Screw Works} 
Troy Michigan; Per iphonics, Bohemia, New York; Interstate Electron- 
ics-, Anaheim, California and others. The synthetic" speech pro- 
cessor 27 and analyzer 24, for example, may comprise the" Thresh- 
old 500 voice recognition computer or the like. 

■ 1 

l It is noted tbat tbe described data security system or 

! • • • • '" 

' .a part thereof may be utilized as a guard against theft or iraprop- 

er operation of other forms of accounting machines such as cash 

registers and other cash or article dispensing machines • Por ex-, 

ample, personal and presence identification means as described 

in combination with a oomputer.or microprocessor and electronic 

circuit elements and subsystems as described may be employed to 

ft *n nniniKi ai * 
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permit or enable the operation of a cash register or the like-' 
wherein transactions performed are recorded in a» memory such as 
a microprocessor memory or on a record member which is not dis- . 

•» • . • • 

pensed to a customer together with a code aasociated with the 
operator of the cash register wherein such code may 'be generated 
by any of the means described used per se or. in combination. 
Such a personar'id'entification code, for example/ may he, generated 
when the user of the cash register depresses or activates a push- 
buttom switch wherein the finger causing such- switch "activation 
is photo electrically scanned and the resulting signals are. pro- 
cessed to generate the -code and, in. certain instances, analyzed 
to enable operation of the register. If the code identifying the 
"person operating the register is recorded with each transactidn 

i 

' wherein the latter includes the amount of the. transaction, then 
j errors which are thereafter detected' may he attributed to the 

j person or persons using the cash register. A microphone and 

« ■ 

j electronic circuits as described for analyzing voice signals of 
| words spoken by a person using i;he register may -also be employed 

to generate user identifying codes and enable operation of the 
; register.. - 

• - * * 

. It should be understood with respect to all of the 

• embodiments illustrated - and described above that nower sunnlies 

having the correct polarities and -magnitudes are provided, where 
'.'not indicated in the drawings, so as to supply proper electrical- 

energy for appropriately operating the various ' illustrated 

circuits as described" in the specification and in a manner to 
: properly perform the functions described. 
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CLAIMS 



-1. A computer security system comprising: -» 

(a) first means including a computer and a keyboard 
operable for entering data into said computer and for obtaining 
data from said computer, 

(b) second .means for identifying persons seeking to 
enter data into said computer and obtain data from said computer, 
said -second means including at least one transducer for sensing 

at least one personal characteristic of a person at said keyboard, 

(c) third means operable when said second means identifies 
a person for generating a code defined by electrical signals 
indicative of the person identified, 

(d) fourth means for receiving and recording said 
.electrical signals, 

(e) fifth means connected to said second means for 
enabling the entry of data into said computer when said second 
means properly identifies a person seeking to enter data, and 

(f ) sixth means connected said second means for enabling 
the obtaining of data from said computer when said second' means 
properly identifies the person seeking to obtain such dara. 

1 i 
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2. A system in accordance with Claim 1 wherein said 
second means includes' means for generating electrical signals 
representative of the characteristic of the person sensed, means 
for processing the electrical signals so generated and generating 
signals defining the characteristic sensed, a memory containing 
recordings defining physical characteristics of a plurality 
of persons authorized to have access to said computer and compara- 
tor means for comparing said signals 'with signals recorded in said 
memory means for generating a control signal when, a proper 
comparison is made and means responsive to said control signal 
for generating said code. 

3. A system in accordance with Claim 1 wherein said 
second means is part of said computer . 
j 4. A system in accordance with Claim 1 wherein said 

j second, third and fourth means are part of said computer. 

{ 5. A system in accordance with Claim 1 wherein said 

■ second means includes a microphone in the vicinity of said 
I keyboard into which microphone the person to he identified 
[may speak selected words and which microphone is operable to 

' generate output electrical speech signals of the speech sounds 
, spoken therein, and means for processing and analyzing such 

■ speech signals for identifying the person and generating said 
code. 
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6 . A system in accordance with Claim 1 including means 
for recording said code generated by said third means along with 
data entered by the person identified into said computer for 
permitting future identification of the person and the information 

entered by said person. 

7. A system in accordance with Claim 6 including a buffer 
circuit for receiving and recording said code generated by said 
third means and means for generating said code from said buffer 
circuit each time the person identified to. generate said code 
enters data into said computer. 

8. A system in accordance with Claim 6 including a 
buffer circuit for receiving and recording said code generated 
by said third means and means for reproducing said code from 
said buffer circuit each time the person is identified to 
generate said, code receives data from said computer. 

9. A system in accordance with Claim 1 including a. 
recording means for d'ata entered into said computer and means 

! for recording the code generated by said third means in sa£d 
latter recording means along with data generated by a person 
identified by said code to provide said code recording as an 

I indication of the data entered into said computer and the person 
effecting .the entry of said data. 

10. A system in accordance with Claim 9 including means 
for generating time .and date indicating codes and means for 

j recording said time and date indicating codes along with the 

code generated by said third means and an indication of the daza 

entered into said computer so as to indicate when such recordings 

'dm 
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are reproduced the person entering the data, time of entry and 
the data entered into said computer. 

11. A system in accordance with Claim 9 including a means 
for generating voice signals of a person at said keyboard and 
means for recording said voice signals along with the code, genera- 
ted by said third means to provide further identification of 

the person entering and retrieving data with respect .to said 
computer. 

12. A system in accordance with Claim 1 including means 
for sensing the presence of a person at said keyboard and genera- 
ting a signal when said person leaves the vicinity of said 
keyboard and means responsive to said latter signal for deactiva- 
ting said sixth means to enable the generation of further 
information by.; said computer only when said second means ■ 
identifies a. person who is in an operating position at said 
keyboard. 

13. A\ system in accordance with Claim 12 including means 
for sensing a number of persons, in the. vicinity of said first 
means, means for identifying each of said persons and generating 
a control signal upon failure to identify said number of persons 
and means, for applying said latter, control signal to prevent 
the operation of said sixth means in enabling the obtaining of 
data from said computer. 
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14. A system in accordance with Claim 12' wherein said 
first means defines a data terminal with a seat for the person 
operating same and said sensing means comprises a switch which 
is operahle when a person is sitting in said seat. 

15. A system in accordance with Claim 12 wherein said 
person sensing means includes radiation receiving means operable 
when a person is at said keyboard. 

16. A system in accordance with Claim 12 wherein said 

! person sensing means includes an ultrasonic sensor operable to 
. sense, the presence of a person at said keyboard. 

17 . A method of recording and reproducing information 
relative to a memory of a computer comprising: 

identifying a person seeking to enter information into 

a computer and to derive information from such computer by 

sensing. a physical characteristic of such person and generating 

electrical signals indicative of such physical characteristic* 

and person identified, 

processing said .electrical signals and comparing same 

with signals generated -from a memory which latter signals are 
derived from scanning the, same physical characteristics of the 

- same person sensed to identify said person, 

generating a control signal when signals generated by 
said memory match the signals generated in scanning the physical 
characteristics of the person seeking information and applying 

I said control, signal to activate an enabling means .-for enabling 
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the person whose physical characteristics are sensed to enter 
information . into said computer and to derive information from said; 

computer , and 

also generating a code identifying the person whose 
physical characteristics are scanned and recording said code 
in a memory when information is entered into or derived from said 
computer in a manner, to -permit identification of the person 
entering or deriving the information from the computer and 
identification of the •information so entered or derived therefrom. 

18". A method in. accordance with Claim 17 wherein recordings 
of said code and the recording is indicative of the information 
entered into the computer and derived therefrom are effected 
in a manner to indicate the identity of the person entering 
information or deriving information from said computer when such 
recordings are reproduced from said memory, 

19 • A method in accordance with Claim 19 -including gene- 
rating further code signals' indicative of the time and date on 
which the information is entered into the 'computer and derived 
therefrom. . . 

20... A method in accordance with Claim 17 wherein the 
physical. characteristics of the person seeking to enter 
information into and receive information from said computer 
. comprises signals generated . from voice sounds of words of the 
person spoken into a microphone, said method including digitizing 
the analog signal .output of said microphone, processing the 
digitized signals and generating code signals thereof for 
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comparison with signals generated from said memory to identify 
the person and. generate said control signal. 

21. A method bf detecting fraud in the operation of a 
computer system comprising: 

identifying all the operators authorized to operate an 
electronic computer system having a plurality of. data entry 
and display terminals and, 

whenever data is entered into said system, generating 
a. code which is unique to the person .entering the data and 
recording said code along with signals indicative of the 
information entered, and 

when it is desired to determine the identification of 
the person entering specific information into the computer 
system, reproducing the signals indicative of the specific 
information to be audited along with the .code, of the person 
entering .said information, and 

- applying said code signal to activate a visual presentation 

i means to cause the visual presentation means to present visually 
i readable information, indicating the identity of the person 
: associated with such code. 

22. A method in accordance with Claim 21 including 
electronically auditing the information entered into said 
computing system to determine errors therein and, when an error 
.is detected, generating a control signal and applying said 
control signal to- effect the reproduction of a recorded code 
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indicative. of the person who entered the erroneous information 

into the system. 

23. A method in accordance with Claim 22 including 
applying said reproduced code to activate a display for displaying . 
the identification of the person who entered the erroneous j 
information into the system. 

24. A method in accordance with Claim 21 wherein the 

code signal unique to the operator who enters data into the • . 
system is generated by electronically detecting such operator, 
and generating detection signals, comparing such detection 
signals with signals. -generated by reproducing code signals of 
a plurality of persons authorized to enter data into the computer 
and, when a match occurs between said detection signal and 
generating said_code identification signals. 

25. A method in .accordance with Claim 24 wherein the ! 
step of electronically detecting and identifying the person j 
entering data into the system is effected by automatically ; 

— " « • 

analyzing signals derived from that person speaking into a j 
microphone . 

26. .A method, in accordance with Claim 25. wherein the 
speech signals, generated by the person to be identified are 
generated from specific, words spoken into a microphone by said 
person. , •• 
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27. A method in accordance with Claim 24 wherein said; 

automatic identification of the person to be identified is . 

effected by electro-optically scanning an image of the face of 

said person and generating a video signal derived from such 
I scanning,, automatically processing said video signal by 
' digitizing same and comparing the results of such processing 
. with signals reproduced- from a memory.which latter signals are 
j derived from video scanning images of the faces of all persons 
authorized to enter data into said system. 

I 28. . A method in accordance with Claim 21. which includes 

i 

identifying the person seeking to enter data into said system 
; by electronically analyzing speech signals generated by such 
: person speaking into a microphone and, upon such identification, 
: generating an 'enabling signal to enable such person to enter 

data into said system. 

29. A computer security system comprising in combination: 

first means, including a computer and a computer terminal ■ 
for communicating with said computer and including input means 
for permitting an operator at said terminal to operate said 
computer, enter- data -therein and obtain data therefrom, 

second means for identifying persons seeking to operate 
said-computer from said terminal and seeking to enter information 
into said computer and obtain data therefrom, said second means 
including a television camera for scanning the face of a person 
at said terminal, 
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said second ***** include means for generating enabling 
for pelting a Person at said terminal to eater data 
.lie said colter and obta* selected data from said colter 

m eans for controlling said television camera to effect 
«! frame scan of the face of a person at said terminal when 
sai d person attests .to operate said colter and to generate a 
full frame video signal containing toe image of the face of sard 

parson on its output,, 

recording means for recording information output by. said 

television camera, 

m eans for generating a firsfcode identifying a person 
at said terminal seeing to operate said computer from sard 

terminal, and 

^ans for recording said first code together vxtb a 
^1-frame video signal derived from said television camera rn 
"said recording means to provide recordings of persons operating 
said computer from said terminal which recordings def^e 
Respective code and video signals derived from both identifying 
! , persons ar said terminal and scanning their facial images . and 

I • display means for displaying characters defining' codes 

: identifying persons and images of the faces of persons scanned by 

said television camera to permit monitoring of persons who have 

operated said computer from said terminal. 
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30*. A computer security system in accordance with 
Claim 29 wherein said television camera is operable to generate 
an analog video signal output and means for processing analog . 
signals output by said television camera to generate digital 
video signals and means for. recording said digital video signals 

in said recording means. 

31. A computer security system, in accordance with 
Claim 29- including reproduction- means for selectively reproducing 
full frame video picture signals from said recording means and 
display means operable to receive the selectively reproduced 
• video signalsrind displaying images of the faces of persons 
scanned by said television camera together with data defined 
by said first code identifying each person whose facial image 
is displayed by said display means. 

32. A -computer security system in accordance with 
Claim 29 including means for generating a second code indicative 
of data obtained from said computer and means for recording said 
second code along with said first code to indicate and identify 
information. derived from said computer and persons receiving 
such information from said computer. 

33. A computer security system in accordance with 
Claim 29 including means for generating and recording time of 
day and date codes along with said first code identifying persons 
operating said computer and recording said time and date codes with 
said identifying, codes in -said recording means, to- serve as a 
'« record of the times and dates person operate said computer 
and the 'identity of persons using said computer. 
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34. A computer security system In accordance with 
Claim 33 including means for generating codes indicative of data 
trm sferred with respect to said computer when it is operated and 
M ans for recording said latter codes along with said first code 
and the codes representing times and dates to provide recorded 
BO nitorable information relating to persons using said computer, 

che information transferred and the time and dates of transfer 

Thereof. 

35. A control and recording system associated- with the 
operation of a data processing system comprising: 

an electronic digital computer, 

first means for entering data into said computer, 
second means for enabling the operation of said first means 
third meiis for automatically identifying a person seeking 
to operate said first means and generating a control signal upon 
effecting such identification and means for applying said control 
signal to said second means to enable operation of said computer, 

said third means being also operable to generate a first 
code defining the identity of the person automatically identified 

thereby. 

electronic memory means , 

fourth means operable when an entry is made into said 
\ computer for recording said first code generated by said third 
means in said memory means « 
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36. A control 'system in accordance with Claim 35 including 
fi£t h means fox generate a second code defining the data entered 

i into said computer, 

„ A control system in accordance with Claim 36 deluding 

a sixth means for generating a third code defining the data 
obtained from said computer, 

38 A control system to accordance with Claim 37 including 
B eans for recording said second and third codes in said .emery 



means , 



M A control system in accordance with Claim 38 including 
m eans for selectively reproducing respective video signals or 
persons operating said computer and corresponding first and 
second codes recorded therewith in said memory means. 
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